Still can't find what you're looking for?
Cloudhouse Guardian (Guardian) offers two methods for scanning nodes, via an Agent or a Connection Manager. Depending on what operating system your device is using, you may have opted for the Linux Agent and/or Connection Manager, or the Windows Agent and/or Connection Manager. There are many configuration opportunities for each of these services; this topic describes the most frequently applied settings.
Note: This is not an exhaustive list. If you have any questions about the settings described, or would like to discuss further opportunities for customisation, please contact helpdesk@cloudhouse.com.
Configuration File
The Linux/Windows configuration file defines the parameters, options, settings, and preferences applied to the Agent/Connection Manager's operating system host. Here, you can apply various configuration settings to your Agent/Connection Manager to better align your deployment.
Linux
The configuration file for the Linux Agent/Connection Manager is:
-
/etc/scriptrock/scriptrock.yml
Example
The following example outlines the default configuration file for a Linux Connection Manager.
api_key: my-api-key
connect_url: https://my.config.instance.url
node_name: your-node-name
node_uuid: 2c7757c9-7a74-4003-a29f-a1ae6134d62b
channels:
- 3
- 6
- 8
cmd_blacklist:
proxy:
host: ""
password: ""
port: 0
username: ""Any additional configuration settings should be added to the bottom of the file, with no indentation.
Windows
The configuration file for the Windows Agent/Connection Manager is:
-
C:\Program Files\Cloudhouse Guardian\config
Example
The following example outlines the default configuration file for a Windows Connection Manager.
---
test_timeout: 90
connect_url: https://my.config.instance.url
api_key: my-api-key
node_uuid: 2c7757c9-7a74-4003-a29f-a1ae6134d62bAny additional configuration settings should be added to the bottom of the file, with no indentation.
Configuration Settings
The following section describes some of the most frequently customized settings within the configuration file.
Test Timeout
By default, the timeout for each test run on a node is 45 seconds. For a large numbers of files, this value may need to be increased. We advise starting with 300 seconds to change the timeout to 5 minutes. For anything more substantial, please contact helpdesk@cloudhouse.com.
|
Option |
Description |
|---|---|
| Key | test_timeout
|
| Value |
Timeout for each test run on a node, in seconds |
| Default | 45
|
| Increase this Value If |
You receive timeout errors in the results of a node scan |
REST Timeout
Once an Agent or Connection Manager has been deployed, it polls the Guardian API every 30 seconds checking if there is any work to be completed. For example, the scheduled scan of a node. This method of communication is achieved via a REST API request and response. For slower connections, this timeout can be increased so that the scan process completes successfully.
|
Option |
Description |
|---|---|
| Windows Key | rest_http_timeout
|
| Linux Key | http_timeout
|
| Value |
Timeout when contacting the Guardian API (on the appliance), in seconds |
| Default | 30
|
| Increase this Value If |
You are experiencing scan failures where the scan completes, but is not uploaded to the Guardian appliance |
Ignore SSL Certificate
Optional ability to ignore certificate warnings. For insecure connections to the Guardian appliance, Cloudhouse recommend setting this value to true. However, we also recommend that you do not enable this setting permanently, and instead work with your IT Team and Guardian Representative to install a valid certificate on the appliance.
|
Option |
Description |
|---|---|
| Key | ignore_ssl_cert_check
|
| Value | true or false |
| Default | false
|
Ignore Node SSL Certificate Windows Only
If a node defaults to an SSL connection, and you do not use certificates in your connection to the node, set this value to true.
For example, most users do not set up valid certificates for their internal VMWare server. If you were to add a VMWare server as a node in Guardian, if it did not have a valid certificate, you would set this value to true.
|
Option |
Description |
|---|---|
| Key | ignore_ssl_cert_check
|
| Value | true or false |
| Default | false
|
Poll Interval
This value determines how often the Agent/Connection Manager polls the Guardian appliance to check if there are any jobs for it to complete.
|
Option |
Description |
|---|---|
| Key | poll_interval
|
| Value | Interval between check-ins to the appliance, in seconds |
| Default | 5
|
| Increase this Value To |
Reduce the amount of network activity |
| Decrease this Value To |
Increase job speed |
Proxy
If your connection from the Agent/Connection Manager to the Guardian appliance goes through a proxy, you can define the proxy settings in the configuration file using the following YAML block:
Note: Any additional configuration settings should be added to the bottom of the configuration file, with no indentation.
proxy:
host: my.proxy.hostname
port: 1234
username: proxyuser
password: proxypass|
Option |
Description |
|---|---|
| Key | proxy
|
| Value | YAML block with the proxy settings |
| Default | None |
File Scan Limit
The maximum number of files permitted to be scanned per node. By default, this is set to 1,500 files. If you require this value to be set to 5,000 or more, this may affect your appliance's performance. Please contact helpdesk@cloudhouse.com to discuss the available solutions.
|
Option |
Description |
|---|---|
| Windows Key | max_number_files
|
| Linux Key | max_scan_files
|
| Value |
Number of files that can be scanned on a node |
| Default | 1500 |
File Size Limit
The maximum size of a file that is permitted to be scanned, in KB. Any file that is scheduled to be scanned that exceeds this limit will not be scanned, instead, an error message will be displayed in the Node Scan Results. For more information, see Scan Nodes.
|
Option |
Description |
|---|---|
| Key | max_content_check_file_size
|
| Value | Maximum file size when scanning file contents, in KB |
| Default | 100
|
Registry Scan Limit Windows Only
The maximum number of registry keys that are permitted to be returned in a scan.
|
Option |
Description |
|---|---|
| Key | max_number_registry
|
| Value | Number of registry keys to scan |
| Default | 1500
|
Alternate Hostname Windows Only
Optional ability to override the hostname reported to the Guardian appliance for the Agent or Connection Manager.
Note: This functionality was introduced in Guardian v4.8.29.
|
Option |
Description |
|---|---|
| Key | alternate_hostname
|
| Value | String of the hostname to report to the Guardian appliance |
| Default | None |